Arbitrary tweets made by TheGingerDog (i.e. David Goodwin) up to 01 May 2013
Fail2ban filter for WordPress
With the annoying brute force wordpress hack going round, one way to protect your site(s) would be to use fail2ban, with a configuration something like (which I’ve shamelessly lifted from http://blog.somsip.com/2011/12/protecting-apache-webservers-from-wordpress-admin-login-dictionary-attacks/ ).
The below seems to be working, and given it’s relative simplicity it’s obvious how you’d go about changing to protect other POST based scripts from brute force attacks. Obviously it’s not going to work if the attacker changes IP often (but from scanning the logs so far, it doesn’t seem to be the case that they are).
Obvious caveats :
- Users who can’t remember their password(s) will get blocked.
- It’s not going to protect you from a distributed attack (multiple IPs) very well
- You may want to perform other counter-measures (like putting Apache http authentication in for URLs matching /wp-login.php)
In /etc/fail2ban/jail.conf :
[apache-wp-login] enabled = true port = http,https filter = apache-wp-login logpath = /var/www/vhosts/*/statistics/logs/access_log maxretry = 5 findtime = 120
And In /etc/fail2ban/filter.d/apache-wp-login.conf :
[Definition] failregex = <HOST>.*] "POST /wp-login.php ignoreregex =
Automated twitter compilation up to 01 April 2013
Arbitrary tweets made by TheGingerDog (i.e. David Goodwin) up to 01 April 2013
Categories: Twitter
Leave a comment
Script to fix NFS (Debian Squeeze + Backports bits)
I have a NFS server running Debian Squeeze. Additionally it’s using the 3.2.x kernel from backports, and the nfs-kernel-server from backports too.
Sometimes NFS breaks, and gives helpful messages like :
mount.nfs: connection timed out
or just:
Stale NFS handle on clients.
While I’m confident that my /etc/exports and other configuration files are correct, it still insists on misbehaving.
Below is a random shell script I seem to have created to fix the NFS server -
#!/bin/bash set -e /etc/init.d/nfs-kernel-server stop /etc/init.d/nfs-common stop /etc/init.d/rpcbind stop rm -Rf /var/lib/nfs mkdir /var/lib/nfs mkdir /var/lib/nfs/v4recovery /var/lib/nfs/rpc_pipefs for f in /var/lib/nfs/etab \ /var/lib/nfs/rmtab \ /var/lib/nfs/xtab; do [ -e $f ] || touch $f done /etc/init.d/rpcbind start sleep 2 /etc/init.d/nfs-common start sleep 2 /etc/init.d/nfs-kernel-server start echo "NFS may now work" exportfs -f
Yes… “NFS may now work” … that sums it up about right.
Spam and Comic Sans.
Today, I received a spammy email from an unknown golf club. There was no obvious unsubscribe link or instructions, so I blindly replied with :
Hi,
Please remove 'xxxxxx' from your mailing list; we've no interest in golf…
Thanks,
David
They replied with :
REMOVED OK
But it was actually :
<FONT color=#0000ff size=4 face=”Comic Sans MS”>REMOVED OK</FONT>
i.e.
So I had to reply with :
<div style=”text-align: center;”><u style=”font-size: 144px; color: rgb(245, 236, 0); font-family: ‘Comic Sans MS’; “><b>Thank you!1!!</b></u></div>
I fear the intricacies of my reply were lost on them.
A few months with a Nexus 4
So, I’ve had a Nexus 4 for a while now … here’s some findings :
- The phone is symmetrical (or very close to it) – so I often pick it up the wrong way around – at least with an iPhone there was a button at the bottom which acts as an easy to feel guide so you can pick it up correctly in the dark. Adding a case to it helped.
- You need a bumper/case for it… mine cost £3 on Amazon or something … without one it’s too slippery/slides off everything.
- The battery life is both good and bad – while not in use, it lasts ages; but it has a big screen – so playing games or watching Netflix on it, will really kill the battery. I’m using Battery Widget Reborn – which does a great job at turning wifi/sound/gps etc all off overnight which helps a bit.
- I came to use the Nexus 4 from using an iPhone – my main like is widgets – having something that updates in real time on your desktop (why did the iOS weather app never display today’s symbol?) is great.
- I miss having a count of notification numbers next to the launch icons.
- I kind of miss iMessage – in so far, as I wish Google had something similar. At the moment there is gtalk, google plus chat (or something) …. which don’t seem to be totally integrated … and I have to supplement this with WhatsApp which not all that many people use (here’s hoping for Google Babble)
- I wish the Bluetooth integration was better – not being able to see track names etc on the £30 Sony MW600 thing I bought kind of sucks. I’m fairly sure that if my car was good enough to have a bluetooth capable radio, then I wouldn’t see any track names from it either :-/
- I like Navigation – I’ve used this a number of times and it does a good job. If only I could make it’s voice louder though. Perhaps this is why I need a car radio with blue teeth.
- I’ve not noticed that I’m missing any apps from iOS which aren’t available on Android – but I suspect I only regularly use ~10 (k9 mail, world war, twitter, whatsapp, bbc news, facebook, gallery, nagios, kashdroid, ZombieRun!).
- The screen is a little too big to use it with only one hand.
Automated twitter compilation up to 01 March 2013
Arbitrary tweets made by TheGingerDog (i.e. David Goodwin) up to 01 March 2013
Categories: Twitter
Leave a comment
Automated twitter compilation up to 01 February 2013
Arbitrary tweets made by TheGingerDog (i.e. David Goodwin) up to 01 February 2013
Categories: Twitter
Leave a comment
Automated twitter compilation up to 01 January 2013
Arbitrary tweets made by TheGingerDog (i.e. David Goodwin) up to 01 January 2013
Categories: Twitter
Leave a comment
Virtualbox 4.2 VM autostart on Debian Squeeze
One new feature of VirtualBox 4.2 is that it has support for auto-starting vm’s on bootup of the host server (via init etc). This means I can remove my hackish ‘su – vbox -c “VBoxHeadless –startvm VMName &”‘ additions in /etc/rc.local, and the VM’s will also hopefully be terminated gracefully on shutdown.
The docs/guides online which I could find were a bit cryptic, or incomplete, so here’s what I ended up doing :